Protection+-+Lampson


 * objects have unforgeable names and are what we want to protect
 * domains are rights to other objects
 * imagined access control, which could be represented as a big table called the access matrix
 * three ways to implement the access matrix
 * can have capabilities
 * can have access control lists
 * can have access matrix
 * because ACLs can be slow for repeated access, introduced the idea of "opening a file", where a capability is generated from an ACL